Document permissions setting for GITHUB_TOKEN #59

Merged (1 commit) on Feb 7, 2023


azriel91
Contributor

Without this, the push will fail, but it is difficult to discover where to configure it.

Owner

shalzz commented Feb 1, 2023

Hi, GITHUB_TOKEN is available by default on every repo with correct permissions. Are you sure this has changed?

Contributor Author

azriel91 commented Feb 1, 2023

Hm, I'm not sure if the default has changed, but the repo I newly created (first commit 2023-01-24) had it on the Read repository contents and packages permissions option.

Someone else encountered this (ad-m/github-push-action#96 (comment)), though it seems random -- maybe it depends on the last repository one has forked / created.

Contributor Author

azriel91 commented Feb 7, 2023

Heya, looks like GitHub changed the default: Updating the default GITHUB_TOKEN permissions to read-only:

Previously, GitHub Actions gets a GITHUB_TOKEN with both read/write permissions by default whenever Actions is enabled on a repository.
As a default, this is too permissive, so to improve security we would like to change the default going forward to a read-only token. You can still flip it to read/write if needed.

@shalzz shalzz merged commit 71190a6 into shalzz:master Feb 7, 2023
Owner

shalzz commented Feb 7, 2023

Ok, I see. Thanks, merged!
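
As an added illustration of the read-only default discussed in this thread (not code from this pull request or from the project), a workflow can request write access only for the job that pushes, instead of switching the repository-wide setting to read/write. The workflow name, trigger branch, build script and output directory are hypothetical.

```yaml
# Added example; workflow name, branch, script and paths are hypothetical.
name: publish-generated-files

on:
  push:
    branches: [main]

# Workflow-level baseline: read-only repository contents. Declaring it
# explicitly makes the workflow behave the same whether the repository
# setting is "read and write" or "read repository contents and packages".
permissions:
  contents: read

jobs:
  lint:
    # Inherits the read-only baseline; this job never pushes.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/lint.sh          # hypothetical script

  publish:
    runs-on: ubuntu-latest
    # Job-level override: only this job gets a GITHUB_TOKEN that can write,
    # and only to repository contents. Scopes not listed here are not granted.
    # Without this block, and with the read-only default, the push below
    # is rejected.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4       # stores GITHUB_TOKEN for later git commands
      - run: ./scripts/generate.sh      # hypothetical script writing to generated/
      - name: Commit and push generated output
        run: |
          git config user.name  "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add generated/
          # Skip the push when the generator produced no changes.
          git diff --cached --quiet && exit 0
          git commit -m "Update generated files"
          git push origin "HEAD:${GITHUB_REF_NAME}"
```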
